ATLAS-1402: fix UI input validation
Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/6681b948 Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/6681b948 Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/6681b948 Branch: refs/heads/0.7-incubating Commit: 6681b94862f300a4e320e7cedf607e54dc6d3ad5 Parents: 3a95c0f Author: kevalbhatt <[email protected]> Authored: Tue Dec 27 14:11:15 2016 -0800 Committer: Madhan Neethiraj <[email protected]> Committed: Tue Dec 27 14:41:39 2016 -0800 ---------------------------------------------------------------------- dashboardv2/public/index.html | 1 + dashboardv2/public/js/models/VTag.js | 1 + .../public/js/utils/CommonViewFunction.js | 10 ++-- dashboardv2/public/js/utils/Utils.js | 14 ++--- .../views/audit/CreateAuditTableLayoutView.js | 4 +- .../BusinessCatalogDetailLayoutView.js | 54 +------------------- .../business_catalog/BusinessCatalogHeader.js | 2 +- .../js/views/business_catalog/TreeLayoutView.js | 10 ++-- .../views/detail_page/DetailPageLayoutView.js | 8 +-- .../public/js/views/schema/SchemaLayoutView.js | 4 +- .../js/views/search/SearchResultLayoutView.js | 6 +-- .../public/js/views/tag/CreateTagLayoutView.js | 3 +- .../views/tag/TagAttributeDetailLayoutView.js | 33 +++++++----- .../js/views/tag/TagDetailTableLayoutView.js | 6 +-- .../public/js/views/tag/addTagModalView.js | 2 +- release-log.txt | 1 + webapp/src/main/webapp/login.jsp | 1 + 17 files changed, 60 insertions(+), 100 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/index.html ---------------------------------------------------------------------- diff --git a/dashboardv2/public/index.html b/dashboardv2/public/index.html index 04edcee..534d574 100644 --- a/dashboardv2/public/index.html +++ b/dashboardv2/public/index.html 
@@ -30,6 +30,7 @@ <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8; Cache-Control: no-cache" /> + <meta http-equiv="X-Frame-Options" content="deny"> <title>Atlas</title> <meta name="description" content=""> <meta name="viewport" content="width=device-width"> http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/models/VTag.js ---------------------------------------------------------------------- diff --git a/dashboardv2/public/js/models/VTag.js b/dashboardv2/public/js/models/VTag.js index 12c36f8..043b3ed 100644 --- a/dashboardv2/public/js/models/VTag.js +++ b/dashboardv2/public/js/models/VTag.js @@ -32,6 +32,7 @@ define(['require', initialize: function() { this.modelName = 'VTag'; + this.set('tags', _.escape(this.get('tags'))); this.bindErrorEvents(); }, toString: function() { http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/utils/CommonViewFunction.js ---------------------------------------------------------------------- diff --git a/dashboardv2/public/js/utils/CommonViewFunction.js b/dashboardv2/public/js/utils/CommonViewFunction.js index 67dd5e2..edb6058 100644 --- a/dashboardv2/public/js/utils/CommonViewFunction.js +++ b/dashboardv2/public/js/utils/CommonViewFunction.js @@ -336,13 +336,13 @@ define(['require', 'utils/Utils', 'modules/Modal', 'utils/Messages', 'utils/Glob if (i == 0) { href = splitUrlWithoutTerm[i]; urlList.push({ - value: splitUrlWithoutTerm[i], + value: _.escape(splitUrlWithoutTerm[i]), href: href }); } else { href += "/terms/" + splitUrlWithoutTerm[i]; urlList.push({ - value: splitUrlWithoutTerm[i], + value: _.escape(splitUrlWithoutTerm[i]), href: href }); }; 
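Review bot: The added `<meta http-equiv="X-Frame-Options" content="deny">` has no effect, because browsers honour X-Frame-Options only as an HTTP response header and ignore it in a meta element; the identical line added to `webapp/src/main/webapp/login.jsp` in the last hunk has the same problem. The clickjacking protection this is meant to give has to come from the server, e.g. `response.setHeader("X-Frame-Options", "DENY")` in the JSP or a servlet filter covering both pages (a `Content-Security-Policy: frame-ancestors 'none'` header is the modern equivalent). If the meta line is kept at all, it should carry a comment such as `<!-- documentary only: X-Frame-Options is enforced by the HTTP header, not by this tag -->` so a later reader does not assume the page is protected.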
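Review bot: Escaping in the model's `initialize` (`this.set('tags', _.escape(this.get('tags')))`) stores presentation-encoded data in place of the raw value, so any later `save()` of this model sends `&amp;`/`&lt;` sequences to the server, and views that escape again on output, as the other hunks in this commit now do, will double-escape. It also only covers attributes present at construction: a later `fetch()` or `set('tags', …)` bypasses it, and since `_.escape(undefined)` returns `''`, a missing `tags` attribute silently becomes an empty string. Escaping at the point of output (`_.escape` in the template or `.text()` on the element) is the robust form; I would drop this line and escape in the view that renders `tags`. If it stays, a comment on the line stating that `tags` is held HTML-escaped from here on is the minimum.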
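Review bot: `value` is now escaped in both `urlList.push` calls, but `href` on the adjacent lines is still built from the raw `splitUrlWithoutTerm[i]`, so whether this hunk is complete depends on how `urlList[].href` is consumed: set through jQuery `.attr('href', …)` it is fine, concatenated into an HTML string it needs the same `_.escape`. I cannot see the consumer from here, so at least a comment on the first `urlList.push` should pin the contract, e.g. `// href is kept raw; it must only be applied with .attr(), never concatenated into markup`. The enclosing function starts before this hunk.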
@@ -398,8 +398,8 @@ define(['require', 'utils/Utils', 'modules/Modal', 'utils/Messages', 'utils/Glob } if (tagName.term) { terms.push({ - deleteHtml: '<a class="pull-left" title="Remove Term"><i class="fa fa-trash" data-id="tagClick" data-type="term" data-assetname="' + model.get("name") + '" data-name="' + tagName.fullName + '" data-guid="' + model.get('$id$').id + '" ></i></a>', - url: tagName.fullName.split(".").join("/"), + deleteHtml: '<a class="pull-left" title="Remove Term"><i class="fa fa-trash" data-id="tagClick" data-type="term" data-assetname="' + _.escape(model.get("name")) + '" data-name="' + tagName.fullName + '" data-guid="' + model.get('$id$').id + '" ></i></a>', + url: _.unescape(tagName.fullName).split(".").join("/"), name: tagName.fullName }); } @@ -410,7 +410,7 @@ define(['require', 'utils/Utils', 'modules/Modal', 'utils/Messages', 'utils/Glob className += "showHideDiv hide"; } obj['valueUrl'] = CommonViewFunction.breadcrumbUrlMaker(obj.url); - html += '<div class="' + className + '" dataterm-name="' + obj.name + '"><div class="liContent"></div>' + obj.deleteHtml + '</div>'; + html += '<div class="' + className + '" dataterm-name="' + _.escape(obj.name) + '"><div class="liContent"></div>' + obj.deleteHtml + '</div>'; }) if (terms.length > 1) { html += '<div><a href="javascript:void(0)" data-id="showMoreLessTerm" class="inputTag inputTagGreen"><span>Show More </span><i class="fa fa-angle-right"></i></a></div>' http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/utils/Utils.js ---------------------------------------------------------------------- diff --git a/dashboardv2/public/js/utils/Utils.js b/dashboardv2/public/js/utils/Utils.js index 48963ad..d3a1b18 100644 --- a/dashboardv2/public/js/utils/Utils.js +++ b/dashboardv2/public/js/utils/Utils.js 
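Review bot: `dataterm-name="' + _.escape(obj.name)` in the second hunk (`@@ -410`) double-escapes if `tagName.fullName` already arrives HTML-escaped, which the `url: _.unescape(tagName.fullName)` line in this hunk implies (and which the `Utils.checkTagOrTerm` change in this commit would cause): an `&` in a term name becomes `&amp;amp;` in the attribute, assuming `obj` iterates the `terms` entries pushed here. Conversely, the raw `data-name="' + tagName.fullName` interpolation in `deleteHtml` is only safe under that same pre-escaped assumption, so the two lines contradict each other. Either keep names raw in the data and escape every interpolation here (`_.escape(tagName.fullName)` in `deleteHtml`, `tagName.fullName.split(".")` for `url` without `_.unescape`), or document on `terms.push` that `fullName` is pre-escaped and drop the second `_.escape`. `model.get('$id$').id` also goes raw into `data-guid`; if it is always a server-issued id that is acceptable, but a comment saying so would help.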
@@ -49,33 +49,33 @@ define(['require', 'utils/Globals', 'pnotify'], function(require, Globals, pnoti }; var notify = function(options) { - new pnotify(_.extend({ icon: true, hide: true, delay: 3000,remove:true }, options)); + new pnotify(_.extend({ icon: true, hide: true, delay: 3000, remove: true }, options)); } Utils.notifyInfo = function(options) { notify({ type: "info", - text: options.content || "Info message." + text: _.escape(options.content) || "Info message." }); }; Utils.notifyWarn = function(options) { notify({ type: "notice", - text: options.content || "Info message." + text: _.escape(options.content) || "Info message." }); }; Utils.notifyError = function(options) { notify({ type: "error", - text: options.content || "Error occurred." + text: _.escape(options.content) || "Error occurred." }); }; Utils.notifySuccess = function(options) { notify({ type: "success", - text: options.content || "Error occurred." + text: _.escape(options.content) || "Error occurred." }); }; Utils.defaultErrorHandler = function(model, error) { @@ -243,7 +243,7 @@ define(['require', 'utils/Globals', 'pnotify'], function(require, Globals, pnoti if (value == "TaxonomyTerm") { return {} } - var name = value.split('.'); + var name = _.escape(value).split('.'); return { term: true, tag: false, @@ -261,7 +261,7 @@ define(['require', 'utils/Globals', 'pnotify'], function(require, Globals, pnoti if (name === "TaxonomyTerm") { return {} } - name = name.split('.'); + name = _.escape(name).split('.'); var trem = false; if (value['taxonomy.namespace']) { trem = true; http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/views/audit/CreateAuditTableLayoutView.js ---------------------------------------------------------------------- diff --git a/dashboardv2/public/js/views/audit/CreateAuditTableLayoutView.js b/dashboardv2/public/js/views/audit/CreateAuditTableLayoutView.js index 58d5de8..252f96a 100644 
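Review bot: `Utils.notifySuccess` still falls back to `"Error occurred."` and `Utils.notifyWarn` to `"Info message."` when `options.content` is empty; both defaults sit on lines this hunk rewrites, so they should be corrected here, e.g. `text: _.escape(options.content) || "Success."` and `text: _.escape(options.content) || "Warning."`. Note also that `_.escape` turns any intentional markup in `content` (a `<br>` or `<b>`) into literal text; if no caller relies on that, this is the right trade, but pnotify's own `text_escape: true` option in the shared `notify` defaults would make the intent explicit and keep the escaping in one place. A short JSDoc on `notify` stating that `content` is rendered as plain text would close the loop.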
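Review bot: Escaping inside the name-parsing helpers (`_.escape(value).split('.')` here and `_.escape(name).split('.')` in the `@@ -261` hunk) makes `checkTagOrTerm` return HTML-encoded names, which is why other hunks in this commit now have to `_.unescape` before reusing the value (`url: _.unescape(tagName.fullName)` in CommonViewFunction.js, `'tag': _.unescape(that.termName.name)` in BusinessCatalogDetailLayoutView.js); that round-trip is easy to get wrong and produces double-escaping wherever a caller escapes again on output. A parsing helper should return the raw segments and leave encoding to the rendering site. If it has to stay, add a comment on the returned object such as `// NOTE: name/fullName are HTML-escaped; callers must _.unescape before using them as identifiers or URLs`. The enclosing function starts before this hunk.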
--- a/dashboardv2/public/js/views/audit/CreateAuditTableLayoutView.js +++ b/dashboardv2/public/js/views/audit/CreateAuditTableLayoutView.js @@ -70,7 +70,7 @@ define(['require', var valueObject = detailsObject.values; if (this.action == Globals.auditAction.TAG_ADD) { this.ui.auditHeaderValue.html('<th>Tag</th>'); - this.ui.auditValue.html("<tr><td>" + detailsObject.typeName + "</td></tr>"); + this.ui.auditValue.html("<tr><td>" + _.escape(detailsObject.typeName) + "</td></tr>"); } else { this.ui.auditHeaderValue.html('<th>Key</th><th>New Value</th>'); table = CommonViewFunction.propertyTable(valueObject, this); @@ -86,7 +86,7 @@ define(['require', } else if (this.action == Globals.auditAction.TAG_DELETE) { var appendedString = this.entityModel.get('details').split(':'); this.ui.auditHeaderValue.html('<th>Tag</th>'); - this.ui.auditValue.html("<tr><td>" + appendedString[1] + "</td></tr>"); + this.ui.auditValue.html("<tr><td>" + _.escape(appendedString[1]) + "</td></tr>"); } }, http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/views/business_catalog/BusinessCatalogDetailLayoutView.js ---------------------------------------------------------------------- diff --git a/dashboardv2/public/js/views/business_catalog/BusinessCatalogDetailLayoutView.js b/dashboardv2/public/js/views/business_catalog/BusinessCatalogDetailLayoutView.js index 0518578..f709f4d 100644 --- a/dashboardv2/public/js/views/business_catalog/BusinessCatalogDetailLayoutView.js +++ b/dashboardv2/public/js/views/business_catalog/BusinessCatalogDetailLayoutView.js @@ -104,7 +104,7 @@ define(['require', } if (description) { this.ui.description.show(); - this.ui.description.html('<span>' + description + '</span>'); + this.ui.description.html('<span>' + _.escape(description) + '</span>'); } else { this.ui.description.hide(); } 
@@ -129,56 +129,6 @@ define(['require', this.ui.editButton.show(); this.ui.editBox.hide(); }, - addTagCollectionList: function(obj, searchString) { - var list = "", - that = this; - _.each(obj, function(model) { - var tags = model.get("tags"); - if (!_.contains(that.tagElement, tags)) { - if (searchString) { - if (tags.search(new RegExp(searchString, "i")) != -1) { - list += '<div><span>' + tags + '</span></div>'; - return; - } - } else { - list += '<div><span>' + tags + '</span></div>'; - } - } - }); - if (list.length <= 0) { - list += '<div><span>' + "No more tags" + '</span></div>'; - } - this.ui.appendList.html(list); - }, - addTagToTerms: function(tagObject) { - var tagData = ""; - _.each(tagObject, function(val) { - tagData += '<span class="inputTag"><span class="inputValue">' + val + '</span><i class="fa fa-close" data-id="deleteTag"></i></span>'; - }); - this.$('.addTag-dropdown').before(tagData); - }, - saveTagFromList: function(ref) { - var that = this; - this.entityModel = new VEntity(); - var tagName = ref.text(); - var json = { - "jsonClass": "org.apache.atlas.typesystem.json.InstanceSerialization$_Struct", - "typeName": tagName, - "values": {} - }; - this.entityModel.saveEntity(this.id, { - data: JSON.stringify(json), - success: function(data) { - that.collection.fetch({ reset: true }); - }, - error: function(error, data, status) { - if (error && error.responseText) { - var data = JSON.parse(error.responseText); - } - }, - complete: function() {} - }); - }, onEditButton: function(e) { var that = this; $(e.currentTarget).blur(); 
@@ -186,7 +136,7 @@ define(['require', 'views/tag/CreateTagLayoutView', 'modules/Modal' ], function(CreateTagLayoutView, Modal) { - var view = new CreateTagLayoutView({ 'termCollection': that.collection, 'descriptionData': that.model.get('description'), 'tag': that.termName.name }); + var view = new CreateTagLayoutView({ 'termCollection': that.collection, 'descriptionData': that.model.get('description'), 'tag': _.unescape(that.termName.name) }); var modal = new Modal({ title: 'Edit Term', content: view, http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/views/business_catalog/BusinessCatalogHeader.js ---------------------------------------------------------------------- diff --git a/dashboardv2/public/js/views/business_catalog/BusinessCatalogHeader.js b/dashboardv2/public/js/views/business_catalog/BusinessCatalogHeader.js index 6be1d2d..75ed98c 100644 --- a/dashboardv2/public/js/views/business_catalog/BusinessCatalogHeader.js +++ b/dashboardv2/public/js/views/business_catalog/BusinessCatalogHeader.js @@ -41,7 +41,7 @@ define(['require', var that = this; $(this.el).html(this.template()); if (Globals.userLogedIn.status) { - that.$('.userName').html(Globals.userLogedIn.response.userName); + that.$('.userName').text(Globals.userLogedIn.response.userName); } var that = this; if (this.url) { http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/views/business_catalog/TreeLayoutView.js ---------------------------------------------------------------------- diff --git a/dashboardv2/public/js/views/business_catalog/TreeLayoutView.js b/dashboardv2/public/js/views/business_catalog/TreeLayoutView.js index 5802c92..e17b9ab 100644 --- a/dashboardv2/public/js/views/business_catalog/TreeLayoutView.js +++ b/dashboardv2/public/js/views/business_catalog/TreeLayoutView.js 
@@ -258,11 +258,11 @@ define(['require', if (isParent) { this.parentCollection.url = this.url; this.parentCollection.fullCollection.reset(undefined, { silent: true }); - this.parentCollection.fetch({ reset: true,cache:true }); + this.parentCollection.fetch({ reset: true, cache: true }); } else { this.childCollection.url = this.url + "?hierarchy/path:."; this.childCollection.fullCollection.reset(undefined, { silent: true }); - this.childCollection.fetch({ reset: true }); + this.childCollection.fetch({ reset: true, cache: true }); } }, showLoader: function() { @@ -386,7 +386,7 @@ define(['require', } var name = Utils.checkTagOrTerm(model.get('name'), true); if (name.name) { - // data-name="<space>'<tagName>'" Space is required for DSL search Input + // data-name="<space>'<tagName>'" Space is required for DSL search Input if (that.viewBased) { parentLi = '<div class="tools"><i class="fa fa-refresh fa-spin-custom taxanomyloader"></i><i class="fa fa-ellipsis-h termPopover"></i></div><i class="fa fa-angle-right toggleArrow" data-id="expandArrow" data-href="' + hrefUrl + '"></i><a href="javascript:void(0)" data-href="' + hrefUrl + '" data-name=" `' + model.get('name') + '`">' + name.name + '</a>'; } else { @@ -529,7 +529,7 @@ define(['require', assetName = $(e.target).data("assetname"), that = this, modal = CommonViewFunction.deleteTagModel({ - msg: "<div class='ellipsis'>Delete: " + "<b>" + termName + "?</b></div>" + + msg: "<div class='ellipsis'>Delete: " + "<b>" + _.escape(termName) + "?</b></div>" + "<p class='termNote'>Assets mapped to this term will be unclassified.</p>", titleMessage: Messages.deleteTerm, buttonText: "Delete" 
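Review bot: `this.childCollection.fetch({ reset: true, cache: true })` adds a `cache` flag that Backbone does not interpret itself; passed through to jQuery it is already the default for JSON requests (`cache: false` is what appends the `_=` buster), so it is a no-op unless a fetch-cache plugin in this project reads it. If such a plugin is in use, children could be served from cache after a term is added or deleted until a hard reload, so the add/delete paths would need to invalidate. A comment on the line stating what `cache: true` is expected to do here would settle it either way.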
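Review bot: `_.escape(termName)` in the delete confirmation fixes one interpolation, but the anchor built in the `@@ -386` hunk of this file still places `model.get('name')` raw inside `data-name=" `…`"` and `hrefUrl` raw into two `data-href` attributes, while `name.name` from `Utils.checkTagOrTerm` on the same line is escaped after this commit; a `"` in a term name breaks out of the attribute there. Suggest `_.escape(model.get('name'))` and `_.escape(hrefUrl)` in that template string (the browser decodes them back when the attribute is read), or building the element with jQuery and `.attr()`. The enclosing function starts before this hunk.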
@@ -615,7 +615,7 @@ define(['require', var view = new AddTermLayoutView({ url: "/api/atlas/v1/taxonomies", model: new that.parentCollection.model(), - defaultTerm:true + defaultTerm: true }); var modal = new Modal({ title: 'Taxonomy', http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/views/detail_page/DetailPageLayoutView.js ---------------------------------------------------------------------- diff --git a/dashboardv2/public/js/views/detail_page/DetailPageLayoutView.js b/dashboardv2/public/js/views/detail_page/DetailPageLayoutView.js index 4706ba3..336758d 100644 --- a/dashboardv2/public/js/views/detail_page/DetailPageLayoutView.js +++ b/dashboardv2/public/js/views/detail_page/DetailPageLayoutView.js @@ -155,7 +155,7 @@ define(['require', this.description = collectionJSON[0].values.description; if (this.name) { this.ui.title.show(); - var titleName = '<span>' + this.name + '</span>'; + var titleName = '<span>' + _.escape(this.name) + '</span>'; if (this.readOnly) { titleName += '<button title="Deleted" class="btn btn-atlasAction btn-atlas deleteBtn"><i class="fa fa-trash"></i> Deleted</button>'; } @@ -165,7 +165,7 @@ define(['require', } if (this.description) { this.ui.description.show(); - this.ui.description.html('<span>' + this.description + '</span>'); + this.ui.description.html('<span>' + _.escape(this.description) + '</span>'); } else { this.ui.description.hide(); } 
@@ -201,13 +201,13 @@ define(['require', that = this; if (tagOrTerm === "term") { var modal = CommonViewFunction.deleteTagModel({ - msg: "<div class='ellipsis'>Remove: " + "<b>" + tagName + "</b> assignment from" + " " + "<b>" + this.name + "?</b></div>", + msg: "<div class='ellipsis'>Remove: " + "<b>" + _.escape(tagName) + "</b> assignment from" + " " + "<b>" + this.name + "?</b></div>", titleMessage: Messages.removeTerm, buttonText: "Remove" }); } else if (tagOrTerm === "tag") { var modal = CommonViewFunction.deleteTagModel({ - msg: "<div class='ellipsis'>Remove: " + "<b>" + tagName + "</b> assignment from" + " " + "<b>" + this.name + "?</b></div>", + msg: "<div class='ellipsis'>Remove: " + "<b>" + _.escape(tagName) + "</b> assignment from" + " " + "<b>" + this.name + "?</b></div>", titleMessage: Messages.removeTag, buttonText: "Remove" }); http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/views/schema/SchemaLayoutView.js ---------------------------------------------------------------------- diff --git a/dashboardv2/public/js/views/schema/SchemaLayoutView.js b/dashboardv2/public/js/views/schema/SchemaLayoutView.js index 47a8464..4a2dfdd 100644 --- a/dashboardv2/public/js/views/schema/SchemaLayoutView.js +++ b/dashboardv2/public/js/views/schema/SchemaLayoutView.js 
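Review bot: `this.name` is still concatenated raw into the confirmation `msg` in both branches here, while `tagName` now goes through `_.escape` and the title rendered from the same `this.name` was escaped in the previous hunk of this file; the same gap is left in `SchemaLayoutView.js` (`assetName`, `@@ -412`), `SearchResultLayoutView.js` (`assetName`, `@@ -615`) and `TagDetailTableLayoutView.js` (`this.assetName`, `@@ -178`). The fix at each site is `"<b>" + _.escape(this.name) + "?</b>"` (respectively `_.escape(assetName)`). Since the term and tag branches differ only in `titleMessage`, they could also be collapsed into one `deleteTagModel` call with `titleMessage: tagOrTerm === "term" ? Messages.removeTerm : Messages.removeTag`, which halves the number of places that need escaping.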
@@ -412,13 +412,13 @@ define(['require', that = this; if (tagOrTerm === "term") { var modal = CommonViewFunction.deleteTagModel({ - msg: "<div class='ellipsis'>Remove: " + "<b>" + tagName + "</b> assignment from" + " " + "<b>" + assetName + " ?</b></div>", + msg: "<div class='ellipsis'>Remove: " + "<b>" + _.escape(tagName) + "</b> assignment from" + " " + "<b>" + assetName + " ?</b></div>", titleMessage: Messages.removeTerm, buttonText: "Remove" }); } else if (tagOrTerm === "tag") { var modal = CommonViewFunction.deleteTagModel({ - msg: "<div class='ellipsis'>Remove: " + "<b>" + tagName + "</b> assignment from" + " " + "<b>" + assetName + " ?</b></div>", + msg: "<div class='ellipsis'>Remove: " + "<b>" + _.escape(tagName) + "</b> assignment from" + " " + "<b>" + assetName + " ?</b></div>", titleMessage: Messages.removeTag, buttonText: "Remove" }); http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/views/search/SearchResultLayoutView.js ---------------------------------------------------------------------- diff --git a/dashboardv2/public/js/views/search/SearchResultLayoutView.js b/dashboardv2/public/js/views/search/SearchResultLayoutView.js index 2eca6a1..343cb1a 100644 --- a/dashboardv2/public/js/views/search/SearchResultLayoutView.js +++ b/dashboardv2/public/js/views/search/SearchResultLayoutView.js 
@@ -265,7 +265,7 @@ define(['require', if (that.searchCollection.models.length) { that.startRenderTableProcess(); } - var resultData = 'Results for <b>' + that.searchCollection.queryParams.query + '</b>'; + var resultData = 'Results for <b>' + _.escape(that.searchCollection.queryParams.query) + '</b>'; var multiAssignDataTag = '<a href="javascript:void(0)" class="inputAssignTag multiSelectTag assignTag" style="display:none" data-id="addAssignTag"><i class="fa fa-plus"></i>' + " " + 'Assign Tag</a>'; if (Globals.taxonomy) { var multiAssignDataTerm = '<a href="javascript:void(0)" class="inputAssignTag multiSelect" style="display:none" data-id="addTerm"><i class="fa fa-folder-o"></i>' + " " + 'Assign Term</a>'; @@ -615,13 +615,13 @@ define(['require', that = this; if (tagOrTerm === "term") { var modal = CommonViewFunction.deleteTagModel({ - msg: "<div class='ellipsis'>Remove: " + "<b>" + tagName + "</b> assignment from" + " " + "<b>" + assetName + " ?</b></div>", + msg: "<div class='ellipsis'>Remove: " + "<b>" + _.escape(tagName) + "</b> assignment from" + " " + "<b>" + assetName + " ?</b></div>", titleMessage: Messages.removeTerm, buttonText: "Remove" }); } else if (tagOrTerm === "tag") { var modal = CommonViewFunction.deleteTagModel({ - msg: "<div class='ellipsis'>Remove: " + "<b>" + tagName + "</b> assignment from" + " " + "<b>" + assetName + " ?</b></div>", + msg: "<div class='ellipsis'>Remove: " + "<b>" + _.escape(tagName) + "</b> assignment from" + " " + "<b>" + assetName + " ?</b></div>", titleMessage: Messages.removeTag, buttonText: "Remove" }); http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/views/tag/CreateTagLayoutView.js ---------------------------------------------------------------------- diff --git a/dashboardv2/public/js/views/tag/CreateTagLayoutView.js b/dashboardv2/public/js/views/tag/CreateTagLayoutView.js index 8ff076a..0530767 100644 --- a/dashboardv2/public/js/views/tag/CreateTagLayoutView.js 
+++ b/dashboardv2/public/js/views/tag/CreateTagLayoutView.js @@ -1,4 +1,3 @@ - /** * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file @@ -72,7 +71,7 @@ define(['require', if (this.create) { this.tagCollectionList(); } else { - this.ui.title.html('<span>' + this.tag + '</span>'); + this.ui.title.html('<span>' + _.escape(this.tag) + '</span>'); } }, tagCollectionList: function() { http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/views/tag/TagAttributeDetailLayoutView.js ---------------------------------------------------------------------- diff --git a/dashboardv2/public/js/views/tag/TagAttributeDetailLayoutView.js b/dashboardv2/public/js/views/tag/TagAttributeDetailLayoutView.js index e115f83..8f82064 100644 --- a/dashboardv2/public/js/views/tag/TagAttributeDetailLayoutView.js +++ b/dashboardv2/public/js/views/tag/TagAttributeDetailLayoutView.js @@ -45,6 +45,7 @@ define(['require', addTagListBtn: '[data-id="addTagListBtn"]', addTagtext: '[data-id="addTagtext"]', addTagPlus: '[data-id="addTagPlus"]', + addTagBtn: '[data-id="addTagBtn"]', description: '[data-id="description"]', descriptionTextArea: '[data-id="descriptionTextArea"]', publishButton: '[data-id="publishButton"]', 
@@ -74,16 +75,17 @@ define(['require', this.listenTo(this.tagCollection, 'reset', function() { var that = this, attributeData = ""; - _.each(this.tagCollection.models, function(attr) { - var traitTypes = attr.get("traitTypes"); - if (traitTypes[0].typeDescription != null) { - var descriptionValue = traitTypes[0].typeDescription; - that.ui.description.html(descriptionValue); - } - _.each(traitTypes[0].attributeDefinitions, function(value, key) { - attributeData += '<span class="inputAttribute">' + value.name + '</span>'; - }); + this.traitTypes = this.tagCollection.first().get("traitTypes")[0]; + if (this.traitTypes.typeDescription != null) { + that.ui.description.text(this.traitTypes.typeDescription); + } + if (this.traitTypes.typeName != null) { + that.ui.title.text(this.traitTypes.typeName); + } + _.each(this.traitTypes.attributeDefinitions, function(value, key) { + attributeData += '<span class="inputAttribute">' + _.escape(value.name) + '</span>'; }); + if (attributeData.length) { that.ui.addTagtext.hide(); that.ui.addTagPlus.show(); @@ -91,16 +93,21 @@ define(['require', that.ui.showAttribute.html(attributeData); }, this); this.listenTo(this.tagCollection, 'error', function(error, response) { + this.ui.addTagBtn.hide(); + this.ui.editButton.hide(); if (response.responseJSON && response.responseJSON.error) { Utils.notifyError({ content: response.responseJSON.error }); + } else { + Utils.notifyError({ + content: "Something went wrong" + }); } }, this); }, onRender: function() { - this.ui.title.html('<span>' + this.tag + '</span>'); this.ui.saveButton.attr("disabled", "true"); this.ui.publishButton.prop('disabled', true); }, @@ -141,7 +148,7 @@ define(['require', }).open(); modal.on('ok', function() { var attributeName = $(view.el).find("input").val(); - that.tagCollection.first().get('traitTypes')[0].attributeDefinitions.push({ + that.traitTypes.attributeDefinitions.push({ "name": attributeName, "dataTypeName": "string", "multiplicity": "optional", 
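Review bot: `this.tagCollection.first().get("traitTypes")[0]` throws on an empty collection, because `first()` returns `undefined` then; the `_.each` over `this.tagCollection.models` it replaces was a no-op in that case, so a `reset` with zero models (or a model without `traitTypes`) now raises inside the event handler instead of rendering the empty state below. Two lines keep the old tolerance and let the existing `attributeData.length` branch run: `var first = this.tagCollection.first();` then `this.traitTypes = (first && first.get("traitTypes") && first.get("traitTypes")[0]) || {};` (`_.each(undefined)` is a no-op and the `!= null` guards skip the empty object). The `this.traitTypes` property is new state shared with `onPublishClick` and `textAreaChangeEvent`, so a one-line comment where it is assigned, saying it caches the first model's trait type for the edit handlers, would help the next reader.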
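Review bot: In the `@@ -141` hunk, `attributeName` read from the modal input is pushed into `that.traitTypes.attributeDefinitions` without trimming or an empty/duplicate check, and `onPublishClick` later sends the whole `toJSON()` to the server; the server remains the real validation boundary, but an empty name renders as a blank `inputAttribute` span and a duplicate silently overwrites on the next reset. `attributeName = $.trim(attributeName); if (!attributeName) { return; }` before the push covers the obvious cases. The enclosing `modal.on('ok', …)` callback starts before this hunk.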
@@ -163,14 +170,14 @@ define(['require', this.ui.editBox.hide(); }, textAreaChangeEvent: function(view, modal) { - if (view.tagCollection.first().get('traitTypes')[0].typeDescription == view.ui.description.val()) { + if (this.traitTypes.typeDescription == view.ui.description.val()) { modal.$el.find('button.ok').prop('disabled', true); } else { modal.$el.find('button.ok').prop('disabled', false); } }, onPublishClick: function(view) { - view.tagCollection.first().get('traitTypes')[0].typeDescription = view.ui.description.val(); + this.traitTypes.typeDescription = view.ui.description.val(); this.onSaveButton(this.tagCollection.first().toJSON(), Messages.updateTagDescriptionMessage); this.ui.description.show(); }, http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/views/tag/TagDetailTableLayoutView.js ---------------------------------------------------------------------- diff --git a/dashboardv2/public/js/views/tag/TagDetailTableLayoutView.js b/dashboardv2/public/js/views/tag/TagDetailTableLayoutView.js index 283b889..a3e3e5d 100644 --- a/dashboardv2/public/js/views/tag/TagDetailTableLayoutView.js +++ b/dashboardv2/public/js/views/tag/TagDetailTableLayoutView.js @@ -136,7 +136,7 @@ define(['require', var stringArr = []; tagValue = ""; _.each(values, function(val, key) { - var attrName = "<span>" + key + ":" + val + "</span>"; + var attrName = "<span>" + _.escape(key) + ":" + _.escape(val) + "</span>"; stringArr.push(attrName); }); tagValue += stringArr.join(", "); 
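Review bot: `textAreaChangeEvent` now mixes `this.traitTypes` with `view.ui.description.val()`, so it only works if `view` and `this` are the same object when the handler runs; the replaced line used `view` for both and the `view` parameter is kept, which suggests the callback can be invoked with a different `this` (via the modal, presumably), in which case `this.traitTypes` is `undefined` and the comparison throws. Either use `view.traitTypes` consistently or drop the `view` parameter and use `this.ui.description` throughout, but not a mix. The comparison should also be `===`, as both sides are strings or `null` and loose equality buys nothing here.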
@@ -178,13 +178,13 @@ define(['require', that = this; if (that.term) { var modal = CommonViewFunction.deleteTagModel({ - msg: "<div class='ellipsis'>Remove: " + "<b>" + tagName + "</b> assignment from" + " " + "<b>" + this.assetName + "?</b></div>", + msg: "<div class='ellipsis'>Remove: " + "<b>" + _.escape(tagName) + "</b> assignment from" + " " + "<b>" + this.assetName + "?</b></div>", titleMessage: Messages.removeTerm, buttonText: "Remove", }); } else { var modal = CommonViewFunction.deleteTagModel({ - msg: "<div class='ellipsis'>Remove: " + "<b>" + tagName + "</b> assignment from" + " " + "<b>" + this.assetName + "?</b></div>", + msg: "<div class='ellipsis'>Remove: " + "<b>" + _.escape(tagName) + "</b> assignment from" + " " + "<b>" + this.assetName + "?</b></div>", titleMessage: Messages.removeTag, buttonText: "Remove", }); http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/views/tag/addTagModalView.js ---------------------------------------------------------------------- diff --git a/dashboardv2/public/js/views/tag/addTagModalView.js b/dashboardv2/public/js/views/tag/addTagModalView.js index 972997c..8cfe27d 100644 --- a/dashboardv2/public/js/views/tag/addTagModalView.js +++ b/dashboardv2/public/js/views/tag/addTagModalView.js 
@@ -156,7 +156,7 @@ define(['require', if (this.commonCollection.models[0] && this.commonCollection.models[0].attributes && this.commonCollection.models[0].attributes.traitTypes[0].attributeDefinitions) { for (var i = 0; i < this.commonCollection.models[0].attributes.traitTypes[0].attributeDefinitions.length; i++) { var attribute = this.commonCollection.models[0].attributes.traitTypes[0].attributeDefinitions; - var strAttribute = '<div class="form-group"><label>' + attribute[i].name + '</label>' + + var strAttribute = '<div class="form-group"><label>' + _.escape(attribute[i].name) + '</label>' + '<input type="text" class="form-control attributeInputVal attrName" data-key="' + attribute[i].name + '" ></input></div>'; this.ui.tagAttribute.append(strAttribute); } http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/release-log.txt ---------------------------------------------------------------------- diff --git a/release-log.txt b/release-log.txt index ccb2a3a..2543526 100644 --- a/release-log.txt +++ b/release-log.txt @@ -32,6 +32,7 @@ ATLAS-409 Atlas will not import avro tables with schema read from a file (dosset ATLAS-379 Create sqoop and falcon metadata addons (venkatnrangan,bvellanki,sowmyaramesh via shwethags) ALL CHANGES: +ATLAS-1402 fix UI input validation ATLAS-1192 Atlas IE support (kevalbhatt) ATLAS-1215 Atlas UI not working in firefox due to fix in ATLAS-1199 (kevalbhatt) ATLAS-1199 Atlas UI not loading after fresh build due to jquery-asBreadcrumbs plugin upgrade (kevalbhatt via shwethags) http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/webapp/src/main/webapp/login.jsp ---------------------------------------------------------------------- diff --git a/webapp/src/main/webapp/login.jsp b/webapp/src/main/webapp/login.jsp index 465e4e8..78f0f97 100644 --- a/webapp/src/main/webapp/login.jsp +++ b/webapp/src/main/webapp/login.jsp 
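Review bot: The label is escaped but the continuation line of the same statement still writes `attribute[i].name` raw into `data-key="…"`, so a `"` in an attribute name still breaks out of the attribute and a later `.data('key')` read sees a different value than the label shows; use `_.escape(attribute[i].name)` there too (jQuery returns the decoded name). Minor: `<input …></input>` is not valid HTML, a self-closing `<input … />` is what the parser expects, and hoisting `this.commonCollection.models[0].attributes.traitTypes[0].attributeDefinitions` into a local before the loop avoids evaluating that chain three times per iteration. The enclosing function starts before this hunk.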
@@ -36,6 +36,7 @@ Redirect(); <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> + <meta http-equiv="X-Frame-Options" content="deny"> <title>Atlas Login</title> <meta name="description" content=""> <meta name="viewport" content="width=device-width">
